Thursday, March 31, 2011

Complete DHS Daily Report for March 31, 2011

Daily Report

Top Stories

WSAZ reports Kanawha County, West Virginia, emergency responders destroyed more than 1,600 pounds of explosives found in a trailer near a trash fire. (See item 5)

5. March 29, WSAZ 3 Huntington/Charleston – (West Virginia) Explosive-type material found in Sissonville, chief deputy says. Kanawha County, West Virginia, emergency responders said they successfully destroyed more than 1,600 pounds of explosives after they were discovered near a trash fire March 29. But, the move was just one of a series of incidents that kept officials busy all day. A West Virginia Department of Environmental Protection spokesman said during the weekend of March 26 and 27, a person was caught burning tires. Crews returned March 29 to the site near Sissonville to clean up two methamphetamine dumping sites found where the tires were burned. As emergency responders were working on that, Sissonville fire officials got a call about a trash fire at a home off Walker Drive, about 3 miles from where the dumping sites were being cleaned. The fire burned near a trailer that was left at the site of an abandoned mine. Inside the trailer, there was more than 1,600 pounds of explosives, including 128 10-pound explosive charges and eight 50-pound bags of ammonium nitrate. The property owner said he did not think it was that big of a deal. A sergeant said, “Anytime you’re dealing with explosives, you’re dealing with a hazard to the public.” Officials brought in a bomb squad and set up a nearby staging area. They spent hours handling the explosive material and did a controlled burn to destroy it. Officials said nobody was hurt. Source:


According to Bloomberg, the National Security Agency has joined a probe of the October 2010 cyber attack on Nasdaq OMX Group Inc. amid evidence the intrusion was more severe than first disclosed. See item 11 below


Banking and Finance Sector

11. March 30, Bloomberg – ( National) U.S. spy agency is said to probe hacker attack on Nasdaq. The National Security Agency (NSA) has joined a probe of the October 2010 cyber attack on Nasdaq OMX Group Inc. amid evidence the intrusion by hackers was more severe than first disclosed, according to people familiar with the investigation. The involvement of NSA, may help the initial investigators — Nasdaq and the FBI — determine more easily who attacked and what was taken. It may also show the attack endangered the security of the nation’s financial infrastructure. “By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization,” said the former head of U.S. counterintelligence. NSA’s most important contribution to the probe may be its ability to unscramble encrypted messages hackers use to extract data, said a former NSA analyst and chief security strategist at Technodyne LLC. The probe of the attack on the second biggest U.S. stock exchange operator, disclosed in February, is also being assisted by foreign intelligence agencies, said one of the people involved in the investigation. Investigators have yet to determine which Nasdaq systems were breached and why, and it may take months for them to finish their work, two of the people familiar with the matter said. Disclosure of the attack prompted the U.S. House Financial Services Committee in February to begin a review of the safety of the country’s financial infrastructure, according to the committee’s chairman. Source:

12. March 29, – (National) Pay-at-the-pump scams targeted. As pay-at-the-pump skimming scams grow in the United States and Europe, police in Camarillo, California, have taken the unique step of enlisting help from civilians to fight skimming crimes. Known as the citizen patrol unit, the group of 30 civilian volunteers has been tasked with monitoring pay-at-the pump terminals throughout Camarillo, looking for signs of tampered terminals or the installation of illegal skimming devices. It is not the first time a community has enlisted help outside law enforcement to curb card skimming at gas pumps. In July 2010, the Arizona governor directed the state department of weights and measures to increase gas pump inspections. Card-skimming attacks at pumps in Utah and Florida captured headlines in 2010. So far in 2011, new attacks have cropped up in Arizona and Europe. And late the week of March 21, police in Ormond Beach, Florida, warned locals that skimming devices at stations along U.S. 1 could have been hitting cards for more than a month. Source:

13. March 29, New York Times – (New Jersey; New York) ‘Holiday Bandit’ suspect held after 9 bank holdups. A Ukrainian man who federal authorities said robbed a string of banks, earning him a place among the FBI’s most wanted and the nickname the “Holiday Bandit,” was arrested March 29 in Queens, New York. The suspect is accused of robbing nine banks in New York and New Jersey, many of them during the 2010 holiday season. Investigators said they believed the suspect had robbed nine banks since December 2010, when he passed a note demanding cash to a teller at a Sovereign Bank in Queens. The series ended, officials said, when he walked out of a Cathay Bank in Edison, New York, March 28, armed with a handgun. The suspect managed to elude authorities for more than 2 months even after the FBI identified him as a suspect in January, distributing surveillance camera images that clearly showed his face. During that time, the suspect did not keep a low profile: instead, he robbed six more banks, authorities said. Little is known about the suspect. Investigators believe he lived in California for a time, and settled in New York about a year ago. They believe he is a heroin user, and suspect that he robbed banks to obtain enough money to keep his drug habit going, one person briefed on the investigation said. The FBI said the suspect planned his robberies very carefully, and until this week proved better at avoiding detection than most. His arraignment in federal district court in Brooklyn was postponed March 29 because he needed medical attention, a law enforcement official said. Source:

14. March 29, Federal Bureau of Investigation – (Florida; International) Jamaican citizen pleads guilty to $220 million Ponzi fraud and money laundering charges. A U.S. attorney announced March 29 that a 41-year-old Jamaican citizen who was living in the Turks and Caicos Islands pleaded guilty to 4 counts of wire fraud, 1 count of conspiracy to commit money laundering, and 18 counts of money laundering. The wire fraud counts carry a maximum penalty of 20 years in federal prison, a fine of $250,000, and a term of supervised release of not more than 3 years. In addition, for each count of wire fraud, the fine may be assessed at twice the amount of gross gain or loss. According to the plea agreement, for more than 3 years, the man executed a Ponzi scheme to defraud more than 6,000 investors located in the Middle District of Florida and elsewhere out of more than $220 million. The convict led investors to believe he was investing their money in foreign currency trading, earning 10 percent per month on average. In fact, he was not trading their funds. He also conspired with others to launder about $128 million of proceeds obtained through a wire fraud scheme. The convict’s operation of the Ponzi scheme effectively ended on July 15, 2008, when the Royal Turks and Caicos Police Force, Financial Crimes Unit, executed search warrants at his place of business and residence in Providenciales, Turks and Caicos Islands. Source:

15. March 29, Media Newswire – (Ohio) Columbus man pleads guilty to robbing eight banks in four counties. A Columbus, Ohio, man pleaded guilty in U.S. district court to robbing eight banks across Ohio in Franklin, Madison, Montgomery, and Delaware counties between October 2010 and January 2011. The man pleaded guilty to six counts of unarmed bank robbery in connection with the robberies of the Security National Bank in Springfield October 13; a Key Bank on East Dublin-Granville Road in Columbus October 26; a Huntington Bank on East Dublin-Granville Road in Columbus November 30; a Huntington Bank in London December 30; and an LCNB in Oakwood and a Key Bank on Miamisburg-Centerville Road in Dayton January 3. Each count of unarmed bank robbery is punishable by up to 20 years in prison. The man also pleaded guilty to armed bank robbery for robbing the First Merit Bank in Powell January 10, and a PNC Bank in Whitehall January 11. Each armed robbery count is punishable by up to 25 years in prison. The man also pleaded guilty to one count of brandishing a weapon during the Powell robbery. That crime carries a mandatory sentence of 7 years in prison consecutive to any time served for the robberies. Columbus police officers arrested the convict after the Whitehall robbery. He has been in custody since his arrest. Source:

Information Technology

42. March 30, The Register – (International) Comodo admits 2 more resellers pwned in SSL cert hack. Comodo has admitted an additional two registration authorities tied to the digital certificates firm were hit by a high-profile forged digital certificate attack earlier in March. No forged certificates were issued as a result of the assault on the other victims. Comodo previously admitted the compromise of one of its partners in southern Europeallowed a hacker to generate bogus SSL certificates for many popular Web sites. These certificates were revoked hours after they were issued, but the incident only became public after browser developers, such as Microsoft and Mozilla, published updates. The certificates create a means to mount convincing man-in-the-middle or phishing attacks. Earlier the week of March 28, an Iranian hacker claimed responsibility for the assault. Comodo has now discovered two more registration authorities (also unnamed) were hit by the same attack. Comodo’s CTO said the company was in the process of rolling out two-factor authentication products to its registration authorities, as a safeguard against future attacks, which will take about 2 weeks. In the meantime, Comodo has promised to review validation work by resellers before issuing certificates, rather than trusting the entire process to resellers. Source:

43. March 30, IDG News Service – (International) Texas Instruments sees 6 month disruption at Japan plant. Texas Instruments (TI) anticipates between 4 and 6 months of disruption to its chip manufacturing operations in Japan following the massive earthquake March 11, IDG News Service reported March 30. The company’s factory in Miho was closed by the quake and suffered damage to infrastructure and its production line. It was responsible for about 10 percent of the company’s output by revenue in 2010, TI said in a statement. It was an important base for TI’s DLP projector chip technology. Repairs to the infrastructure systems at the plant were completed the weekend of March 26 and 27, as water, gas, chemical, and air delivery have been restored, the company said. Work remains on the equipment at the plant, a portion of which has not been checked. TI said it expects initial production to resume in mid-April with full production achieved about 3 months after that. The plant will be back to full shipment capability in September, which translates to roughly a 6-month break in full shipment ability. Source:

44. March 30, Softpedia – (International) New mass SQL injection attack infects thousands of pages. A new mass injection attack has infected over 28,000 pages and even made its way to iTunes according to security researchers from Websense. Dubbed LizaMoon, after the domain hosting the malicious code, the attack uses SQL injection techniques to insert a rogue script element. Users who land on one of the compromised pages get redirected through several domains and finally land on a scareware site. These sites mimic antivirus scans and tell visitors their computers are infected with malware in an attempt to convince them to download fake security programs. The programs display even more false warnings and ask users to pay for a license in order to clean their machines. In the attack, malicious code also landed on iTunes podcast pages, although in a form that is harmless. Mass injection attacks are a common malware infection vector. Source:

45. March 29, Softpedia – (International) Comodo hacker claims SQL injection used to hack reseller. The Iranian hacker who compromised a Comodo reseller and used its credentials to obtain rogue SSL certificates for high-profile domains claims the original point of entry was an SQL injection vulnerability. When asked by the CEO of Errata Security of how he broke into the first machine at, the hacker said: “SQL injection, then privilage [sic] escalation, got SYSTEM shell, remote desktop, investigation and I discovered trustdll.dll.” A new message posted on by the hacker as a result of people doubting his claims, describes in more detail how the hack occured. He claimed that after exploiting the SQL injection vulnerability, he set up a remote desktop (RDP) connection to their server, but this was relatively quickly detected by the firewall and blocked. The hacker said 2 days later, he managed to work his way around the firewall restriction and gained access to the system again. This is problematic, because Global Trust should have taken the server offline immediately after realizing someone accessed it without authorization. Source:

46. March 28, IDG News Service – (International) Japanese DRAM makers’ woes echo rest of industry after quake. According to new reports, the earthquake and resulting tsunami in Japan continue to affect production at key factories making 12-inch silicon wafers, the raw materials that chips are etched onto. Market researcher IHS iSuppli estimates that damage to these factories could reduce the supply of silicon wafers globally by 25 percent, which “could have a major effect on worldwide semiconductor production,” particularly DRAM chips. Other chip factories are being hurt by rolling blackouts meant to share electricity made scarce because several power plants were knocked offline in the disaster. DRAM is required for nearly every PC, laptop, smartphone and tablet produced, while all gadgets need a host of chips to run different internal functions. At least three major suppliers of silicon wafers, Sumco, Shin-Etsu Chemical and MEMC Electronic Materials, lost some output due to the disaster. Sumco and Shin-Etsu alone account for 72 percent of all 12-inch silicon wafers, according to Credit Suisse. Sumco, the world’s biggest supplier of 12-inch wafers, said March 28 it has begun repairs at a factory in Yonezawa, although the company did not say when the plant may be running again. Shin-Etsu, the world’s second-biggest supplier of 12-inch silicon wafers, said March 25 that production at two of its factories remains “wholly halted.” MEMC, a U.S. company, shut operations at its factory in Utsunomiya, after the earthquake and said it expected “shipments from this facility will be delayed over the near term.” Without reliable power and with transportation still disrupted by earthquake and tsunami damage, the supply of wafers from these companies will continue to be affected. Renesas Technology said March 28 that it does not expect production at its chip fabrication plant in Hitachinaka to begin until July, and then it will only be at part of the plant. Source:

For another story, see item 11 above in the Banking and Finance Sector

Communications Sector

47. March 30, Brockton Enterprise – (Massachusetts) Raynham officials plead for help in maintaining the town’s TV link to Boston. Raynham, Massachusetts officials are asking a U.S. Representative for his assistance in ensuring cable subscribers continue to get Boston TV stations. The Federal Communications Commission (FCC) has classified Raynham and other southeastern Massachusetts communities –- including Easton, Mansfield, Norton, and Taunton –- as being in the Providence, Rhode Island market, and not the Boston market. That means FCC can force the cable company to black out Boston television stations and carry Providence stations upon request by a Providence station. “A representative in Massachusetts, whatever he does, should come over our local TV stations. We don’t care about Rhode Island governors, senators, representatives,” he said. Town officials are asking the U.S. Representative for help in getting FCC to reclassify Raynham, and other southeastern Massachusetts communities for the Boston market. FCC regulations allow TV stations and the commission to initiate a change in designated market area; however, municipalities are not allowed to do so. Raynham officials are also asking the Representative to get FCC to make a rule change to allow cities and towns to apply to change market designation. Source:

48. March 28, Press of Atlantic City – (New Jersey) WMGM-TV 40 fined $4,000 for airing news release without identifying sponsor. WMGM-TV 40 has been fined $4,000 for airing a video news release about a nasal spray during its weekly health segment without letting viewers know who sponsored it, the Federal Communications Commission (FCC) said. The “Lifeline” segment, which aired October 2006, was introduced by a health reporter as “especially important as we begin the cold and flu season and one of the biggest travel times of the year,” FCC notice of the fine states. The segment, which was edited for broadcast, was produced by Matrixx, the company that makes the Zicam zinc nasal preparation. The station is required to identify the sponsor because “listeners and viewers are entitled to know who seeks to persuade them,” the 9-page FCC document states. In this case, viewers may have been even more confused, as Shore Memorial Hospital in Somers Point was mentioned as a sponsor of the segment, but the material was supplied by the company that makes Zicam, the FCC notice states. In both cases, the complaints were filed by Free Press and the Center for Media and Democracy, FCC said. The WMGM general manager said the station argued it did not break the law because it was not compensated for airing the segment. Source: